Esempio n. 1
/**
 * Fetch the capture collection of a transaction, creating it when needed.
 *
 * The requested name is first mapped through get_collection_name(); the
 * matching var source is then acquired from the engine's var configuration
 * using the transaction's memory manager.  When the var is unset
 * (IB_ENOENT), or is set but its type is not IB_FTYPE_LIST, it is
 * (re)initialized with ib_var_source_initialize() as a list.
 *
 * @param[in]  tx              Transaction; asserted non-NULL, with a
 *                             non-NULL var store.
 * @param[in]  collection_name Requested collection name.
 * @param[out] field           Receives the capture field.
 *
 * @returns IB_OK on success, otherwise the status of the failing call.
 */
ib_status_t ib_capture_acquire(
    const ib_tx_t  *tx,
    const char     *collection_name,
    ib_field_t    **field
)
{
    assert(tx != NULL);
    assert(tx->var_store != NULL);

    ib_var_source_t *capture_source;
    ib_status_t status;

    /* Resolve the effective collection name before the lookup.
     * NOTE(review): strlen() below relies on get_collection_name() never
     * returning NULL -- confirm against its definition. */
    collection_name = get_collection_name(collection_name);

    // @todo Acquire source at configuration time.
    status = ib_var_source_acquire(
        &capture_source,
        tx->mm,
        ib_engine_var_config_get(tx->ib),
        collection_name,
        strlen(collection_name)
    );
    if (status != IB_OK) {
        return status;
    }

    status = ib_var_source_get(capture_source, field, tx->var_store);
    if (status == IB_OK && (*field)->type == IB_FTYPE_LIST) {
        /* Already present as a list: nothing left to do. */
        return IB_OK;
    }
    if (status != IB_OK && status != IB_ENOENT) {
        /* Any failure other than "not set" is reported to the caller. */
        return status;
    }

    /* Unset, or set with a non-list type: (re)initialize as a list. */
    return ib_var_source_initialize(
        capture_source,
        field,
        tx->var_store,
        IB_FTYPE_LIST
    );
}
Esempio n. 2
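/**
 * Module initialization callback, run when the GeoIP module is loaded.
 *
 * Allocates the module data from the engine's main pool, opens the default
 * GeoIP database with GEOIP_MMAP_CACHE, registers geoip_lookup() on
 * handle_context_tx_event with the module data as callback data, and
 * registers the "GEOIP" var source.
 *
 * @param[in] ib     Engine.
 * @param[in] m      Module; m->data is pointed at the module data.
 * @param[in] cbdata Not used in this function.
 *
 * @returns IB_OK on success, IB_EALLOC if the module data cannot be
 *          allocated, IB_EUNKNOWN if the database cannot be opened, or the
 *          status of the failing registration call.
 */
static ib_status_t geoip_init(ib_engine_t *ib, ib_module_t *m, void *cbdata)
{
    ib_status_t    rc;
    GeoIP         *geoip_db = NULL;
    module_data_t *mod_data;

    mod_data = ib_mpool_calloc(ib_engine_pool_main_get(ib),
                               sizeof(*mod_data), 1);
    if (mod_data == NULL) {
        return IB_EALLOC;
    }

    ib_log_debug(ib, "Initializing default GeoIP database...");
    geoip_db = GeoIP_new(GEOIP_MMAP_CACHE);
    if (geoip_db == NULL) {
        /* This aborts the module load, so report it at error level: at
         * debug level an operator would not see that geo data is missing. */
        ib_log_error(ib, "Failed to initialize GeoIP database.");
        return IB_EUNKNOWN;
    }

    ib_log_debug(ib, "Initializing GeoIP database complete.");
    ib_log_debug(ib, "Registering handler...");

    /* Store off pointer to our module data structure */
    mod_data->geoip_db = geoip_db;

    /* And point the generic module data at it */
    m->data = mod_data;

    rc = ib_hook_tx_register(ib,
                             handle_context_tx_event,
                             geoip_lookup,
                             mod_data);
    if (rc != IB_OK) {
        ib_log_error(
            ib,
            "Failed to register tx hook: %s",
            ib_status_to_string(rc));
        /* The hook was not registered, so release the database handle
         * instead of leaking it, and clear the stored pointer so nothing
         * reachable through m->data refers to the freed handle. */
        GeoIP_delete(geoip_db);
        mod_data->geoip_db = NULL;
        return rc;
    }

    ib_log_debug(ib, "Done registering handler.");

    rc = ib_var_source_register(
        &(mod_data->geoip_source),
        ib_engine_var_config_get(ib),
        IB_S2SL("GEOIP"),
        IB_PHASE_NONE, IB_PHASE_NONE
    );
    if (rc != IB_OK) {
        /* A failed "GEOIP" registration aborts the load; the function does
         * not continue past this point.
         * NOTE(review): geoip_lookup is already registered with mod_data,
         * so the database handle is left open here rather than freed under
         * a live callback -- confirm the module's teardown releases it. */
        ib_log_warning(ib,
            "GeoIP failed to register \"GEOIP\" var: %s",
            ib_status_to_string(rc)
        );
        ib_log_debug(ib, "Failed to load GeoIP module.");
        return rc;
    }

    /* Hand the module data to the first entry of the directive map. */
    geoip_directive_map[0].cbdata_cb = mod_data;

    ib_log_debug(ib, "GeoIP module loaded.");
    return IB_OK;
}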
Esempio n. 3
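/**
 * Called to initialize the user agent module (when the module is loaded).
 *
 * Registers modua_user_agent() and modua_remoteip() on
 * request_header_finished_event, initializes and fetches the match ruleset,
 * registers the "remote_addr" and "UA" var sources, and registers
 * modua_ctx_close() on context_close_event.
 *
 * @param[in,out] ib IronBee object
 * @param[in] m Module object (passed to the hooks as callback data)
 * @param[in] cbdata (unused)
 *
 * @returns IB_OK on success; the status of the failing call otherwise;
 *          IB_EUNKNOWN if the ruleset cannot be fetched.
 */
static ib_status_t modua_init(ib_engine_t *ib, ib_module_t *m, void *cbdata)
{
    ib_status_t  rc;
    /* Initialized so the failure log below never reads indeterminate values
     * if modua_ruleset_init() fails before filling them in. */
    modua_match_rule_t *failed_rule = NULL;
    unsigned int failed_frule_num = 0;

    /* Register the user agent callback.  A failure is returned rather than
     * only logged: otherwise the module would report a successful load
     * while the callback never runs. */
    rc = ib_hook_tx_register(ib, request_header_finished_event,
                             modua_user_agent,
                             m);
    if (rc != IB_OK) {
        ib_log_error(ib, "Hook register returned %s", ib_status_to_string(rc));
        return rc;
    }

    /* Register the remote address callback (same failure handling). */
    rc = ib_hook_tx_register(ib, request_header_finished_event,
                             modua_remoteip,
                             m);
    if (rc != IB_OK) {
        ib_log_error(ib, "Hook register returned %s", ib_status_to_string(rc));
        return rc;
    }

    /* Initializations */
    rc = modua_ruleset_init(&failed_rule, &failed_frule_num);
    if (rc != IB_OK) {
        /* %u matches the unsigned rule number; the label is only read when
         * a failing rule was actually reported. */
        ib_log_error(ib,
                     "User agent rule initialization failed"
                     " on rule %s field rule #%u: %s",
                     (failed_rule != NULL) ? failed_rule->label : "(unknown)",
                     failed_frule_num, ib_status_to_string(rc));
        return rc;
    }

    /* Get the rules */
    modua_match_ruleset = modua_ruleset_get( );
    if (modua_match_ruleset == NULL) {
        /* rc is IB_OK at this point, so returning it unchanged would report
         * success without a ruleset; use an explicit error status. */
        rc = IB_EUNKNOWN;
        ib_log_error(ib, "Failed to get user agent rule list: %s", ib_status_to_string(rc));
        return rc;
    }
    ib_log_debug(ib,
                 "Found %d match rules",
                 modua_match_ruleset->num_rules);

    /* "remote_addr" may already be registered elsewhere: IB_EEXIST is
     * tolerated silently, other failures are logged and ignored. */
    rc = ib_var_source_register(
        NULL,
        ib_engine_var_config_get(ib),
        IB_S2SL("remote_addr"),
        IB_PHASE_NONE, IB_PHASE_NONE
    );
    if (rc != IB_OK && rc != IB_EEXIST) {
        ib_log_warning(ib,
            "User agent failed to register \"remote_addr\": %s",
            ib_status_to_string(rc)
        );
        /* Continue. */
    }

    rc = ib_var_source_register(
        NULL,
        ib_engine_var_config_get(ib),
        IB_S2SL("UA"),
        IB_PHASE_NONE, IB_PHASE_NONE
    );
    if (rc != IB_OK) {
        ib_log_warning(ib,
            "User agent failed to register \"UA\": %s",
            ib_status_to_string(rc)
        );
        /* Continue. */
    }

    /* The context-close hook acquires the targets the callbacks read. */
    rc = ib_hook_context_register(ib, context_close_event,
                                  modua_ctx_close, m);
    if (rc != IB_OK) {
        ib_log_error(ib,
                     "Could not register context close hook: %s",
                     ib_status_to_string(rc));
        return rc;
    }

    return IB_OK;
}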
Esempio n. 4
/**
 * Context-close callback: acquires the var targets and source the module
 * stores in its configuration.
 *
 * Only the main context (IB_CTYPE_MAIN) is processed; every other context
 * type returns IB_OK immediately.  For the main context the module
 * configuration is fetched and filled with targets for
 * "request_headers:User-Agent" and "request_headers:X-Forwarded-For" and
 * with the "remote_addr" source.
 *
 * NOTE(review): X-Forwarded-For is a request header and therefore
 * client-supplied unless a trusted front end rewrites it; how the value is
 * consumed is not visible in this function.
 *
 * @param[in] ib Engine
 * @param[in] ctx Context
 * @param[in] event Event triggering the callback
 * @param[in] cbdata Callback data (module).
 *
 * @returns IB_OK on success or for non-main contexts, otherwise the status
 *          of the failing call.
 */
static
ib_status_t modua_ctx_close(
    ib_engine_t           *ib,
    ib_context_t          *ctx,
    ib_state_event_type_t  event,
    void                  *cbdata
)
{
    ib_module_t     *module = (ib_module_t *)cbdata;
    modua_config_t  *config;
    ib_var_target_t *acquired;
    ib_status_t      status;

    /* Nothing to set up outside the main context. */
    if (ib_context_type(ctx) != IB_CTYPE_MAIN) {
        return IB_OK;
    }

    status = ib_context_module_config(ctx, module, &config);
    if (status != IB_OK) {
        ib_log_error(ib, "Can't fetch configuration: %s",
                     ib_status_to_string(status));
        return status;
    }

    /* User-Agent header target; stored only after a successful acquire. */
    status = ib_var_target_acquire_from_string(
        &acquired,
        ib_engine_pool_main_get(ib),
        ib_engine_var_config_get(ib),
        IB_S2SL("request_headers:User-Agent"),
        NULL, NULL
    );
    if (status != IB_OK) {
        ib_log_error(ib,
                     "Error acquiring target for User-Agent header: %s",
                     ib_status_to_string(status));
        return status;
    }
    config->user_agent = acquired;

    /* X-Forwarded-For header target; stored only after a successful acquire. */
    status = ib_var_target_acquire_from_string(
        &acquired,
        ib_engine_pool_main_get(ib),
        ib_engine_var_config_get(ib),
        IB_S2SL("request_headers:X-Forwarded-For"),
        NULL, NULL
    );
    if (status != IB_OK) {
        ib_log_error(ib,
                     "Error acquiring target for X-Forwarded-For header: %s",
                     ib_status_to_string(status));
        return status;
    }
    config->forwarded_for = acquired;

    /* The remote_addr source is written straight into the configuration. */
    status = ib_var_source_acquire(
        &(config->remote_addr),
        ib_engine_pool_main_get(ib),
        ib_engine_var_config_get(ib),
        IB_S2SL("remote_addr")
    );
    if (status != IB_OK) {
        ib_log_error(ib,
                     "Error acquiring source for remote_addr header: %s",
                     ib_status_to_string(status));
        return status;
    }

    return IB_OK;
}
Esempio n. 5
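/**
 * Parse the user agent header, splitting into component fields.
 *
 * Copies the byte string into a NUL-terminated buffer, tokenizes it with
 * modua_parse_uastring(), categorizes the result with
 * modua_match_cat_rules(), and stores the pieces ("agent", "PRODUCT", "OS",
 * "extra", "category") in the "UA" list var of the transaction.
 *
 * A string that fails to parse is not an error: the function logs it and
 * returns IB_OK without creating the list.
 *
 * @param[in] ib IronBee object
 * @param[in,out] tx Transaction object
 * @param[in] bs Byte string containing the agent string
 *
 * @returns IB_OK on success or unparsable input, IB_EALLOC on allocation
 *          failure, otherwise the status of the failing call.
 */
static ib_status_t modua_agent_fields(ib_engine_t *ib,
                                      ib_tx_t *tx,
                                      const ib_bytestr_t *bs)
{
    const modua_match_rule_t *rule = NULL;
    ib_field_t               *agent_list = NULL;
    char                     *product = NULL;
    char                     *platform = NULL;
    char                     *extra = NULL;
    char                     *agent;
    char                     *buf;
    const void               *src;
    size_t                    len;
    ib_status_t               rc;
    ib_var_source_t          *source;

    /* Get the length of the byte string */
    len = ib_bytestr_length(bs);

    /* Allocate memory for a copy of the string to split up below. */
    buf = (char *)ib_mpool_calloc(tx->mp, 1, len+1);
    if (buf == NULL) {
        /* %zu is the conversion for size_t (%zd is for the signed type). */
        ib_log_error_tx(tx,
                        "Failed to allocate %zu bytes for agent string",
                        len+1);
        return IB_EALLOC;
    }

    /* Copy the string out.  memcpy() must not be handed a NULL source even
     * for a zero-length copy, so an empty byte string skips the copy and
     * leaves the zero-filled buffer as "". */
    src = ib_bytestr_const_ptr(bs);
    if (len > 0 && src != NULL) {
        memcpy(buf, src, len);
    }
    buf[len] = '\0';

    /* NOTE(review): the header value is request-controlled.  From here on it
     * is handled as a C string, so anything after an embedded NUL byte is
     * ignored by the parser and by the stored "agent" copy, and the raw
     * value is written to the debug log as-is -- confirm the logger escapes
     * control characters. */
    ib_log_debug_tx(tx, "Found user agent: '%s'", buf);

    /* Keep an untouched copy: buf is passed to the parser below. */
    agent = (char *)ib_mpool_strdup(tx->mp, buf);
    if (agent == NULL) {
        ib_log_error_tx(tx, "Failed to allocate copy of agent string");
        return IB_EALLOC;
    }

    /* Parse the user agent string */
    rc = modua_parse_uastring(buf, &product, &platform, &extra);
    if (rc != IB_OK) {
        /* Deliberately not an error: an unparsable header yields no list. */
        ib_log_debug_tx(tx, "Failed to parse User Agent string '%s'", agent);
        return IB_OK;
    }

    /* Categorize the parsed string */
    rule = modua_match_cat_rules(product, platform, extra);
    if (rule == NULL) {
        ib_log_debug_tx(tx, "No rule matched" );
    }
    else {
        ib_log_debug_tx(tx, "Matched to rule #%d / category '%s'",
                        rule->rule_num, rule->category );
    }

    /* Build a new list. */
    rc = ib_var_source_acquire(
        &source, tx->mp, ib_engine_var_config_get(ib), IB_S2SL("UA")
    );
    if (rc != IB_OK) {
        ib_log_alert_tx(tx, "Unable to acquire source for UserAgent list.");
        return rc;
    }
    rc = ib_var_source_initialize(
        source, &agent_list, tx->var_store, IB_FTYPE_LIST
    );
    if (rc != IB_OK) {
        ib_log_alert_tx(tx, "Unable to add UserAgent list to DPI.");
        return rc;
    }

    /* Store Agent */
    rc = modua_store_field(ib, tx->mp, agent_list, "agent", agent);
    if (rc != IB_OK) {
        return rc;
    }

    /* Store product */
    rc = modua_store_field(ib, tx->mp, agent_list, "PRODUCT", product);
    if (rc != IB_OK) {
        return rc;
    }

    /* Store Platform */
    rc = modua_store_field(ib, tx->mp, agent_list, "OS", platform);
    if (rc != IB_OK) {
        return rc;
    }

    /* Store Extra */
    rc = modua_store_field(ib, tx->mp, agent_list, "extra", extra);
    if (rc != IB_OK) {
        return rc;
    }

    /* Store category; NULL is passed when no rule matched. */
    rc = modua_store_field(ib, tx->mp, agent_list, "category",
                           (rule != NULL) ? rule->category : NULL);
    if (rc != IB_OK) {
        return rc;
    }

    /* Done */
    return IB_OK;
}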
Esempio n. 6
/// Return the engine's var configuration wrapped in a VarConfig object.
VarConfig Engine::var_config() const
{
    // ib() is passed as the engine argument of the C accessor; the value it
    // returns is handed to the VarConfig constructor unchanged.
    return VarConfig(ib_engine_var_config_get(ib()));
}